
Securing a server for e-commerce

I have a business, and I want to set up a server so that my customers' information will be secure while they are shopping online. What security program do you recommend that I install? How do I go about it?

Unfortunately, there is no easy answer to your question. There are several guidelines for securing servers depending upon whether they are Unix-based Apache servers or Microsoft IIS servers. These are available from SANS, NSA and other places. There is also a tip on searchSecurity for protecting your Web servers.

Clearly, you will want all sensitive traffic to be protected by SSL or other encryption between your customers and your Web server. If any information is stored on the Web server, it should be encrypted. If you are using third-party hosting services, you will need to find a way to get that information back to you securely. You might be interested in a paper I wrote in 1999 entitled "Are Secure Internet Transactions Really Secure?"

However, there is no single magic program to install that makes your server secure.

This was last published in August 2004.
